Re: Basic question about RSA



William L. Bahn wrote:
There is a natural tendency among people that are intimately
familiar with a topic (and I'm certainly as guilty of it as the
next person) to assume that people that are new to that topic
should learn everything all at once. It seems like it should be
easy to teach them everything because it all just makes so much
sense. More specifically, there is a tendency to adopt the belief
that it is not appropriate to teach them things based on a
simplified model that will have to be modified later when a more
realistic model is used.

Perhaps. But when giving an oversimplified model that isn't actually
accurate, I think at a minimum one should disclose to the student that
what they've been told isn't actually accurate. Otherwise, people may
rely upon that inaccurate model and make bad decisions.

In this case, the oversimplified model leads to many misconceptions.
I've taught the material in the classroom, and I've seen the misconceptions.

Personally, I think that describing signatures by saying that they are
just a case of "encrypting with the private key" is the wrong way to teach
this stuff. I think it's better to treat signatures as a totally different
topic from encryption; to start by discussing the properties that signatures
have; and then give some example signature schemes. If you start by saying
that a signature scheme is where you encrypt with the private key, then
you end up confusing the security goals with a specific algorithm that
meets those goals; you confuse the specification with the implementation;
you confuse the end with the means. It leads to a misconception that all
signature algorithms work by "encrypting with the private key"; and that
misconception leads to many fundamental confusions.
.



Relevant Pages

  • Re: Basic question about RSA
    ... misconceptions. ... I think that describing signatures by saying that ... the private key" and "digital signatures" are one and the same. ...
    (sci.crypt)
  • Re: Basic question about RSA
    ... desired attempt is actually achieved (secure digital signatures). ... encrypting nor signing - it is merely transforming data from one ... because my intent is to provide confidentiality. ...
    (sci.crypt)